HID Forecasts Leading Access Control Trends for 2013 (Part 1)


IRVINE, Calif. — HID Global has released its annual Top 10 list of access control trends for the coming year, which focus heavily on Near Field Communications (NFC), adoption of mobile devices and cloud-based services.

Following are the trends, Nos. 1-5, with explanations:

1. Users are seeking a more “frictionless” security experience, with solutions that are built on open standards to ensure interoperability, adaptability, and credential portability to mobile devices.

The term frictionless is used to describe security solutions that don’t slow users down. Rather than make users carry separate cards, keys and tokens, the coming generation of frictionless solutions will embed these and other credentials inside NFC-enabled smartphones and other mobile devices. As an example, while strong authentication will remain a primary pillar of an organization’s security strategy, the need for improved cost and convenience will drive the development of solutions that don’t require users to carry a dedicated security token. Similarly, users will value being able to open doors with their smartphones, rather than having to carry an ID card.

To support this trend, credentials will be embedded into NFC-enabled phones, and identity management will move to the cloud in a way that facilitates frictionless user login (often from personal devices using the bring your own device, or BYOD, deployment model) for both software as a service (SaaS) and various internal enterprise applications. Using BYOD smartphones for frictionless access control applications requires planning and a rigorous security assessment, along with an infrastructure that supports cloud-based provisioning of digital keys and credentials.

Cloud security becomes critical. Today, much of the discussion is focused on securing the platform, but as enterprises continue to move applications into the cloud and take advantage of the SaaS model, it will be critical to resolve challenges around provisioning and revoking user identities across multiple cloud-based applications, while also enabling secure, frictionless user login to those applications. Frictionless access control solutions will also need to support open standards to foster the availability of interoperable products and future-proof the access control infrastructure, ensuring that investments in today’s technologies can be leveraged in the future.

2. Mobile access control adoption will accelerate and evolve to dramatically change the industry.

During 2012, the industry laid the foundation for mobile access control deployment on NFC-enabled mobile devices. To fuel broad adoption, the landscape must include widely available NFC-enabled handsets with secure elements, supporting all primary operating systems. All keys and cryptographic operations must be protected inside the smartphone’s secure element — usually an embedded tamper-proof integrated circuit, or a plug-in module version called a subscriber identity module (SIM) — to ensure that there is a secure communications channel for transferring information within a trusted boundary between NFC-enabled phones, their secure elements, and other secure media and devices. The landscape also must include readers, locks and other hardware that can read digital keys carried on these handsets, as well as an ecosystem of mobile network operators (MNOs), trusted service managers (TSMs) and other providers who can deliver and manage mobile credentials. The timing and development of this ecosystem will have an impact on how quickly NFC is adopted for any application, from mobile payment to transport ticketing to access control.

The most simplistic mobile access control model is card emulation. But as we move forward, there is the potential to dramatically change the industry, taking advantage of the smartphone’s onboard intelligence to complete most of the tasks now performed by the access control system. Consider this: approximately 5% of all doors in a facility today have some sort of electronic access control, and the remaining doors are either secured by a mechanical lock and key, or are unsecured. If we let NFC-enabled smartphones serve both as the key and the rules engine that makes the access control decision, we can secure far more doors electronically. We simply install “dumb” electronic locks, and allow the smartphone to make the decision to grant or deny access, according to policy. For each door that is electronically secure today, we could see more than five times that number being secured in the future using this mobile access control model.

3. Mobile access control solutions will still coexist with cards.

One of the greatest benefits of mobile access control is that all identity information the user requires for opening office doors and logging onto enterprise computers is safely embedded in a phone, rather than on a plastic card that can be copied or stolen, and without requiring the user to remember passwords (or write them on Post-it notes attached to their computer screen). Despite these and other benefits, it is unlikely that NFC-enabled smartphones will completely replace physical smart cards in the coming years. Instead, mobile access credentials inside NFC-enabled smartphones will co-exist with cards and badges so that organizations can implement a choice of smart cards, mobile devices or both within their physical access control system (PACS). Many organizations will still want their employees to carry traditional cards because they are used as a means of photo identification. It will be important for users to plan ahead to support both types of credentials in their PACS.

4. Access control continues to converge – both on cards, and on NFC-enabled mobile devices.

Users increasingly want a single credential for entering the building, logging onto the network, accessing applications and other systems, and gaining remote access to secure networks without needing a one-time password (OTP) token or key fob. It’s more convenient, and greatly improves security by enabling strong authentication throughout the IT infrastructure on key systems and applications, rather than just at the perimeter. It also reduces deployment and operational costs, by enabling organizations to leverage their existing credential investment to seamlessly add logical access control for network log-on and create a fully interoperable, multilayered security solution across company networks, systems and facilities. Converged solutions also help organizations meet regulatory requirements, enforce consistent policies, and drive consistent audit logs throughout the enterprise while cutting costs by consolidating tasks.

Mobile access control solutions are ideal convergence platforms. NFC adoption will increase interest in extending contactless card technology beyond building access to include authenticating identity in the IT domain. Physical and IT security teams will begin working together more closely. Phone apps will generate One Time Password (OTP) soft tokens or receive them via SMS, and a variety of other access control keys and credentials will be sent over the air to the phone using a convenient, cloud-based provisioning model that eliminates credential copying and makes it easier to issue temporary credentials, cancel lost or stolen credentials, and monitor and modify security parameters when required. This trend also improves the economic model for biometrics, by turning the smartphone into a portable database for template storage that simplifies system start-up, supports unlimited user populations spanning multiple sites, and eliminates redundant wiring requirements for template management. But the trend will also drive the need for adequate cloud-based security data so smartphones can be used for network and application logon. The most effective approach for addressing data moving to the cloud will likely be federated identity management, which allows users to access multiple applications by authenticating to a central portal.

5. Card technology will continue to migrate from prox to magstripe to smarter smart cards with additional, multilayered security.

Card technology continues to evolve from prox cards to magstripe cards and on to smart cards. Today’s gold standard for access control applications is contactless smart cards that are based on open standards, and feature a universal card edge, also known as a card command interface, which improves interoperability with a broad ecosystem of products within a trusted boundary. The latest cards improve security, privacy and portability to mobile credentials, and users are increasingly enhancing their cards and badges with more and more layers of additional visual and digital security. Visual elements include higher-resolution images, holographic card over-laminates, and permanent and unalterable, laser-engraved personalization attributes. Cards also increasingly incorporate expanded digital storage capacity so they can include biometric and other multifactor authentication information to enhance identity validation. Printing technology also continues to advance in support of these trends, simplifying how cards are produced and distributed while making them more secure.

Additionally, smart cards are moving into new market segments. For instance, the U.S. is exploring solutions that implement the Europay Mastercard Visa (EMV) global credit and debit payment standard based on chip card technology. Migrating to smart cards offers stronger security, and the benefit of combining multiple applications and both physical and logical access control into a single solution that, optionally, can reside on NFC-enabled smartphones. Although migration does involve change, the combination of multitechnology cards and readers plus field-programmable cards and systems minimizes disruption to the day-to-day workflow, and employees and the organization very quickly benefit from a more secure and user-friendly environment that provides the scalable foundation for future capabilities and applications.